Collecting Windows® event logs
Windows® events are organized into specific log categories; by default computers running on Windows® NT or higher, record errors, warnings and information events in three logs namely Security, Application and System logs.
As a minimum, Windows® Operating Systems record events in the following logs:
To configure Windows® Event Log collection and processing parameters:
2. Click Windows Event Log tab > Add... to select the logs you want to collect. Expand Windows Logs and/or Applications and Services Logs and select from the list of available logs.
3. (Optional) Click Add custom log... and key in a unique name for the unlisted event log.
4. Select Clear collected events after completion to clear the collected events from the respective event source.
5. Select ArchiveA collection of events stored in the SQL Server based database backed of GFI EventsManager. events in database to archive collected events without applying events processing rules.
6. Select Process using these rule sets and select the rule sets you want to run against the collected events.
7. Select Add generic fields to add extended fields to the database. Extended fields contain data from event descriptions and are added by a common name (example: "Field01", "Custom field name").
8. Click Apply and OK.
Deleting event logs without archiving may lead to legal compliance penalties.